REMARKS

This Amendment is filed in response to the Office Action mailed Nov. 14, 2007. 
The Applicant respectfully requests reconsideration. The objections and rejections are 
respectfully traversed. 

Claims 1-28 are pending in the case. 

Claims 1, 18, 24, 25, 26 and 27 have been amended to address typographical errors.

No additional claims have been added. 

Claim Objections 

At paragraph 6 of the Office Action, claims 1-13 and 18-24 were objected to due 
to a typographical error. 

At paragraph 7 of the Office Action, claims 25-28 were objected to due to a
typographical error.

The Applicant has corrected these typographical errors and believes these claims 
are now non-objectionable. 

At paragraph 8 of the Office Action, the Examiner comments that claims 27 and 
28 appear as substantial duplicates of certain other claims. The Applicant notes claims 
27 and 28 were intended to depend from claim 25, and that dependency from claim 1 was 
a typographical error. The Applicant has amended the claims to depend from the proper 
independent claim, and as such, believes they no longer will be considered substantial 
duplicates. 

Claim Rejections - 35 U.S.C. §102 

At paragraphs 9-20 of the Office Action, claims 1-5, 8, 9, 11, 14, 15, 17-19, and 
21-28 were rejected under 35 U.S.C. §102(e) over Kwan et al., U.S. Publication No. 
2003/0055570 (hereinafter "Kwan"). 

The Applicant's claim 1, representative in part of the other rejected claims, sets forth:

1. A method for implementing port-based network access control at a
shared media port in an intermediate node, the shared media port being
coupled to a plurality of client nodes, the method comprising:

partitioning the shared media port into a plurality of logical
subinterfaces, each logical subinterface dedicated to providing access to a
different network or subnetwork accessible through the intermediate
node;

receiving a data packet at the shared media port from a first client node;

associating the received data packet with a first logical subinterface
in the plurality of logical subinterfaces;

determining whether the first client node is authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork; and

if the first client node is determined to be authenticated to communicate
over the first logical subinterface's dedicated network or subnetwork,
forwarding the received data packet over the first logical subinterface's
dedicated network or subnetwork;

receiving a second data packet at the shared media port from a second
client node;

associating the second received data packet with the first logical
subinterface;

determining whether the second client node is authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork;

if the second client node is determined to not be authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork, preventing the second received data packet from being forwarded
over the first logical subinterface's dedicated network or subnetwork,
while still allowing data packets from the first client node to be
forwarded if the first client node is determined to be authenticated.

Kwan discusses a multi-tiered network security system. See paragraphs 0008 and
0028. A "first level comprises physical MAC address authentication of a user device...
coupled to a port of a network access device." See paragraph 0028. "[I]f packets received
from user device 108 have a source MAC address that does not match any of the secure
addresses... the network access device 102 either drops the packets or, alternately disable
the port entirely." See paragraph 0039 and Fig. 3, box 308. "The second level comprises
authentication of the user of the user device, such as authentication in accordance with
the IEEE 802.1x standard." See paragraph 0028. "[I]f the user is not valid... network
access device 102 blocks all traffic on the port except for the reception or transmission of
packets related to the user authentication protocol (802.1x control packets)." See
paragraph 0039 and Fig. 3, box 314. "The third level comprises dynamic assignment of a
particular user policy to the port based on the identity of the user...", for example, to
determine if resources are available to service the user device. See paragraphs 0028 and
0042. "If sufficient resources are not available, then network access device 102 blocks
all traffic on the port except for the reception or transmission of packets related to the
user authentication protocol (802.1x control packets)." See paragraph 0039 and Fig. 3,
box 322.

Of note, Kwan's basic unit for applying security measures is the port. Kwan does 
not envision dividing, or otherwise partitioning, a port into smaller logical units. 

The Applicant respectfully directs the Examiner's attention to the limitations of
"partitioning the shared media port into a plurality of logical subinterfaces, each
logical subinterface dedicated to providing access to a different network or subnetwork
accessible through the intermediate node" and "associating the received data packet with
a first logical subinterface in the plurality of logical subinterfaces" and "determining
whether the first client node is authenticated to communicate over the first logical
subinterface's dedicated network or subnetwork."

Rather than apply security measures to an entire port, the Applicant partitions a
port into a plurality of logical subinterfaces, each logical subinterface dedicated to
providing access to a different network or subnetwork. The Applicant then authenticates a
client to communicate over a particular logical subinterface. For background regarding
logical subinterfaces, the Applicant respectfully directs the Examiner's attention to page
8, lines 2-13 of the specification.
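
The difference in granularity argued here, as an added Python illustration that is not part of the filing, the specification, or Kwan. The VLAN-ID classifier, the subinterface names, the MAC addresses and all class and function names are assumptions made for the example; the port-granular class is a simplified model of the port-wide blocking quoted above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_mac: str
    vlan_id: int  # ASSUMED classifier; the page does not say how packets are associated

@dataclass
class SharedMediaPort:
    """Per-subinterface control: state is kept per (client, subinterface)."""
    subif_by_vlan: dict                       # assumed mapping: classifier -> subinterface
    authed: set = field(default_factory=set)  # (client MAC, subinterface) pairs

    def authenticate(self, mac, subif):
        if subif not in self.subif_by_vlan.values():
            raise ValueError(f"unknown subinterface {subif!r}")
        self.authed.add((mac, subif))

    def handle(self, pkt):
        subif = self.subif_by_vlan.get(pkt.vlan_id)
        if subif is None:
            return ("drop", None)    # fail closed: no subinterface claims the packet
        if (pkt.src_mac, subif) not in self.authed:
            return ("drop", subif)   # only this client is refused; the port stays up
        return ("forward", subif)

@dataclass
class PortGranularControl:
    """Contrast model: one decision for the whole port (control-packet exception omitted)."""
    valid: set
    blocked: bool = False

    def handle(self, pkt):
        if pkt.src_mac not in self.valid:
            self.blocked = True      # one invalid client blocks every client on the port
        return "drop" if self.blocked else "forward"

def demo():
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # constructed client MACs
    port = SharedMediaPort({10: "subif-eng", 20: "subif-guest"})
    port.authenticate(a, "subif-eng")
    # Constructed traffic: a, then unauthenticated b, then a again, then a on another subif.
    traffic = [Packet(a, 10), Packet(b, 10), Packet(a, 10), Packet(a, 20)]
    per_subif = [port.handle(p) for p in traffic]
    coarse = PortGranularControl(valid={a})
    per_port = [coarse.handle(p) for p in traffic]
    return per_subif, per_port

if __name__ == "__main__":
    print(demo())
```
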

Kwan does not teach partitioning and authenticating at the subinterface level. The
Applicant respectfully urges that the portions of Kwan cited in the Office Action in
relation to the claimed partitioning, actually discuss differing types of arrangements.

For example, paragraph 0009 describes that "one or more computing devices are
coupled to a single port of a switch via a central computing device." Such description
relates to a wiring arrangement of separate devices. Multiple devices are attached to
some aggregating device (akin to a hub) that in turn is attached to a port. There is no
suggestion in paragraph 0009 that the port itself is somehow partitioned into smaller
logical units.

Further, paragraphs 0009 and 0010 discuss "dynamically assigning a port of a
network access device to a predetermined VLAN...." Such description relates to a port
being assigned to a larger group (i.e. a group of ports designated as a VLAN). The
description does not suggest the port itself is partitioned into smaller logical units.

Accordingly, the Applicant respectfully urges that Kwan is legally insufficient to
anticipate the present claims under 35 U.S.C. §102 because of the absence of the
Applicant's claimed novel "partitioning the shared media port into a plurality of logical
subinterfaces, each logical subinterface dedicated to providing access to a different
network or subnetwork accessible through the intermediate node" and "associating the
received data packet with a first logical subinterface in the plurality of logical
subinterfaces" and "determining whether the first client node is authenticated to
communicate over the first logical subinterface's dedicated network or subnetwork."

Claim Rejections - 35 U.S.C. §103 

At paragraphs 21-29 of the Office Action, claims 6 and 10 were rejected under 35 
U.S.C. § 103(a) over Kwan in view of Ng et al., U.S. Publication No. 2005/0177865 
(hereinafter Ng). 

At paragraphs 30-34 of the Office Action, claims 7, 16 and 20 were rejected under 
35 U.S.C. § 103(a) over Kwan in view of Haverinen et al., U.S. Publication No. 
2004/0208151 (hereinafter Haverinen). 

At paragraphs 35-38 of the Office Action, claim 12 was rejected under 35 U.S.C.
§103(a) over Kwan and in further view of Inoue et al., U.S. Patent No. 6,891,819
(hereinafter Inoue).

At paragraphs 39-42 of the Office Action, claim 13 was rejected under 35 U.S.C. 
§ 103(a) over Kwan and in further view of Roese, U.S. Publication No. 2004/0158735 
(hereinafter Roese). 

The Applicant notes that all of the claims rejected under U.S.C. §103 are
dependent claims which depended from independent claims believed to be allowable.
Accordingly, the dependent claims are also believed to be allowable for at least this
reason as well as for other separate reasons.

Should the Examiner believe telephonic contact would be helpful in the 
disposition of this Application, the Examiner is encouraged to call the undersigned 
attorney at (617) 951-2500. 

In summary, all the independent claims are believed to be in condition for
allowance and therefore all dependent claims that depend therefrom are believed to be in
condition for allowance. The Applicant respectfully solicits favorable action.

Please charge any additional fee occasioned by this paper to our Deposit Account 
No. 03-1237. 

Respectfully submitted, 

James A. Blanchette
Reg. No. 51,477

CESARI AND MCKENNA, LLP 
88 Black Falcon Avenue 
Boston, MA 02210-2414 
(617) 951-2500 